The committee herewith submits to you the enclosed bill, H.R. 2889,
upon which the committee would appreciate a prompt report, together
with such comment as you may desire to make.

Will you kindly transmit your reply, in triplicate.

Respectfully,

Chairman.

Enclosure.
99th CONGRESS
1st Session
H.R. 2889

To amend the Act establishing the National Bureau of Standards to provide for a 
computer security research program within such Bureau, and to provide for 
the training of Federal employees who are involved in the management, 
operation, and use of automated information processing systems. 


IN THE HOUSE OF REPRESENTATIVES 

June 27, 1985 

Mr. Glickman (for himself, Mr. Fuqua, Mr. Brooks, Mr. Brown of California, 
Mr. Wirth, Mr. Walgren, Mr. Nelson of Florida, Mr. Wyden, Mr. 
Hughes, Mr. Lewis of Florida, and Mr. Horton) introduced the following 
bill; which was referred jointly to the Committees on Science and
Technology and Government Operations


A BILL 

To amend the Act establishing the National Bureau of Standards
to provide for a computer security research program
within such Bureau, and to provide for the training of 
Federal employees who are involved in the management, 
operation, and use of automated information processing 
systems. 

Be it enacted by the Senate and House of Representatives
of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the “Computer Security
Research and Training Act of 1985”.

SEC. 2. FINDINGS.

The Congress finds that—

(1) in recent years the Federal Government has
become highly dependent on automated information
processing systems for carrying out many of its
missions;

(2) the Government operates about 20,000 
medium- and large-scale mainframe computers, and by 
the end of this decade it will also have approximately 
half a million micro- and mini-computers; 

(3) the information stored in Government computers
and transmitted over the various communications
networks that connect them represent valued property
that is vulnerable to unauthorized access and disclosure,
fraudulent manipulation, and disruption;

(4) studies of computer-related fraud and abuse in 
Government agencies indicate a costly and widespread 
problem of significant proportions; 

(5) Government efforts to address the problems of
computer security have focused on developing hardware
and software systems to protect sensitive information,
ensuring that new computer systems are designed
to include security provisions, and requiring
agencies to implement security procedures; and

(6) these efforts must be supplemented if the problems
are to be solved, since the weak link in protecting
the information stored, processed, and transmitted by
Government computers remains the people who
manage, use, and operate them.

•HR 2889 IB

Sanitized Copy Approved for Release 2010/07/01 : CIA-RDP87M00220R000400460022-4

SEC. 3. ESTABLISHMENT OF COMPUTER SECURITY RESEARCH PROGRAM.

The Act of March 3, 1901 (15 U.S.C. 271-278h), is
amended by redesignating section 18 as section 19, and by
inserting after section 17 the following new section:

“Sec. 18. (a) The National Bureau of Standards shall
establish and conduct a computer security research program
to address the problems of computer security in the Federal
Government, with primary emphasis upon the prevention of
computer-related fraud and abuse through the training of
employees in computer security awareness and good security
practice.

“(b) The program shall—

“(1) perform research and conduct studies to determine
the nature and extent of computer security
vulnerability in Federal agencies and their contractors;

“(2) devise administrative, management, and technical
procedures and practices designed to protect the
information stored, processed, and transmitted by
Government computers; and

“(3) develop guidelines for use by Federal agencies
in training their employees, and the employees of
their contractors and of other organizations whose
computers interface with Government computers, in
computer security awareness and good security
practice.”.

SEC. 4. TRAINING BY FEDERAL AGENCIES IN COMPUTER SECURITY.

(a) In General.—Each Federal agency shall provide
mandatory periodic training in computer security, under the
guidelines developed pursuant to section 18(b)(3) of the Act
of March 3, 1901 (as added by section 3 of this Act), and in
accordance with the regulations issued under subsection (c) of
this section, for all of its employees who are involved with
the management, use, or operation of computers or
automated information systems and for all of the employees
and other personnel of its contractors who are involved with
the management, use, or operation of computers which
interface with Government computers.

(b) Training Objectives.—Training under this section
shall begin within 60 days after the issuance of the
regulations described in subsection (c), and shall be designed—

(1) to enhance employees’ awareness of the
threats to and vulnerability of computer and
communications systems; and

(2) to encourage the use of improved computer
security practices at Government facilities.

(c) Regulations.—Within six months after the date of
the enactment of this Act, the Director of the Office of
Personnel Management shall issue regulations prescribing in
detail the procedures and scope of the training to be provided
by Federal agencies under subsection (a) and the manner in
which such training is to be carried out.

SEC. 5. AUTHORIZATION OF APPROPRIATIONS.

There are hereby authorized to be appropriated to the
National Bureau of Standards for the fiscal year 1987, to
carry out the computer security research program under
section 18 of the Act of March 3, 1901 (as added by section 3 of
this Act), such sums as may be necessary.
